CVE-2026-9560 – OpenVPN Connect
CVSS 7.8
IMPORTANT
“A critical VPN client weakness can turn trusted remote access into a direct compromise path.”
OpenVPN Inc released a patch for a critical vulnerability affecting OpenVPN Connect. CVE-2026-9560 has a CVSS score of 9.4, which is Critical severity.
The vulnerability involves privilege, permission, and command execution weaknesses that could allow remote code execution and privilege escalation in affected OpenVPN Connect environments. The update strengthens execution controls and access protections to reduce the risk of attackers gaining unauthorized control through the VPN client.
Key Details
- Affected Product
- Openvpn Connect
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-78
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.